Data Protection

Where personal data is processed, you are a data subject as understood by the GDPR and you are entitled to the following rights vis-à-vis the data controller. To exercise these rights, you may contact our data protection officer at any time.

1.    Right to Information

You can request confirmation from the data controller as to whether your personal data is being processed by us.
Should this be the case, you may request the following information from the data controller:
(1)       the purposes for which the personal data is being processed;
(2)       the categories of personal data being processed;
(3)       the recipients or categories of recipients to whom your personal data relating has been or will be disclosed;
(4)       the planned duration of the storage of your personal data or, where it is not possible to provide specific information in this matter, criteria for determining the storage period;
(5)       the existence of a right to have your personal data rectified or erased, a right to limit the processing by the controller or a right to object to such processing;
(6)       the existence of a right of appeal to a supervisory authority;
(7)       all available information on the origin of the data, where the personal data is not collected from the data subject;
(8)       the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information concerning the logic involved as well as the scope and intended consequences of such processing for the data subject.
 
You have the right to request information as to whether your personal data is to be transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

2.    Right to rectification

You have the right to rectification or completion vis-à-vis the data controller if the personal data processed relating to you is inaccurate or incomplete. The data controller must carry out the rectification without delay.

3.    Right to restriction of processing

Under the following conditions, you may request that the processing of your personal data be restricted:
(1)       if you dispute the accuracy of your personal data for a period of time that enables the controller to verify the accuracy of the personal data;
(2)       the processing is unlawful, and you refuse to have the personal data erased and instead request that the use of the personal data be restricted;
(3)       the controller no longer needs the personal data for the purposes of processing, but you need the data for the assertion, exercise or defense of legal claims, or
(4)       if you have submitted an objection to the processing in accordance with Art. 21 (1) GDPR and it has not yet been established whether the legitimate grounds of the data controller override your grounds.
 
If the processing of your personal data has been restricted, such data may – apart from its storage – only be processed with your consent or for the assertion, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a Member State.
 
If the processing has been restricted pursuant to the above conditions, you will be informed by the controller before the restriction is lifted.

4.    Right to erasure

a)      Duty to erasure

You may request that the data controller erase your personal data without delay; the data controller is obliged to erase this data without delay if one of the following reasons applies:

(1)       Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
(2)       You revoke your consent on which the processing in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR was based and there is no other legal basis for the processing.
(3)       In accordance with Art. 21 (1) GDPR you object to the processing, and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.
(4)       Your personal data has been processed unlawfully.
(5)       The erasure of your personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States that the controller is subject to.
(6)       Your personal data has been collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

b)      Information to third parties

Should the controller have made your personal data public and they are obliged to erase the data in accordance with Art. 17 (1) GDPR, they shall, while taking into account the available technology and the implementation costs, carry out appropriate measures, including technical measures, to inform the data controllers who process the personal data that you, as the data subject, have requested them to erase all links to this personal data or copies or replications of thereof.

c)      Exceptions

The right to erasure does not apply where the processing is necessary:
 
(1)       for the exercise of freedom of expression and information;
(2)       for the fulfilment of a legal obligation that requires the processing under the law of the European Union or of the Member States that the controller is subject to, or for the performance of a task that serves the public interest or takes place in the exercise of official authority vested in the controller;
(3)       for reasons concerning public interest in the field of public health in accordance with Art. 9 (2) lit. h & i and Art. 9 (3) GDPR;
(4)       for archiving, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the law referred to under section a) is likely to make impossible or seriously impair the attainment of the objectives of such processing, or
(5)       for the assertion, exercise, or defense of legal claims.

5.    Right to notification

If you have exercised your right to the rectification, erasure or restriction of the processing of your personal data vis-à-vis the controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of such rectification, erasure or restriction, except when this proves impossible or involves a disproportionate effort.
 
You have the right to be notified of such recipients by the data controller.

6.    Right to data portability

You have the right to receive your personal data that you have provided to the controller and in a structured, commonly used and machine-readable format. Furthermore, you have the right to communicate this data to another data controller without being hindered by the controller to whom the personal data was provided, provided that
 
(1)       the processing is based on consent in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract in accordance with Art. 6 (1) lit. b GDPR and
(2)       the processing is carried out by automated means.
 
In exercising this right, you furthermore have the right to insist that the personal data concerning you be transferred directly from one data controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be adversely affected by this.
The right to data portability does not apply for the processing of personal data necessary for the performance of a task that serves the public interest or takes place in the exercise of official authority vested in the controller.

7.    Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 (1) lit. e or f GDPR.
 
The data controller will no longer process your personal data, unless they are able to prove compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless the processing serves the assertion, exercise, or defense of legal claims.
 
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.
 
If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
 
You have the option of exercising your right of objection in connection with the use of information society services – notwithstanding Directive 2002/58/EC – via automated means using technical specifications.

8.    Right to withdraw data protection consent

You have the right to withdraw your data protection consent at any time. The withdrawal of your consent shall not affect the legality of the processing carried out on the basis of your consent prior to revocation.

9.    Right to complain to another supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement if you are of the opinion that the processing of your personal data is in breach of the GDPR.
 
The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy in accordance with Article 78 GDPR.
 
The competent supervisory authority in Berlin is the
 
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219, 10969 Berlin
Tel.: +49 30 13889-0
Fax: +49 30 2155050
e-mail: mailbox(at)datenschutz-berlin.de

I. Provision of the Website and Creation of Log Files

Our websites collect a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information are stored in the log files of the server.
 
The following data is collected in the process:
 

• The user’s IP address
• Date and time of access

     
When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed for:

• correctly delivering and optimising the content of our website,
• guaranteeing the long-term operability and security of our information technology systems and our website technology as well as
• providing law enforcement authorities with the information they need for criminal prosecution in the case of a cyber attack.

In the members’ area, the login data (user name and email address) are also recorded and stored. This is necessary to authenticate members and prevent unauthorised access.

This data and information are therefore evaluated both statistically and with the aim of increasing data protection and data security in our company in order to ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by the data subject.
 
We work together with a hosting provider (Mandarin Medien) for our website. The hosting services enable us to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services that we employ for the purpose of operating this website.
In the process we or our hosting provider (Mandarin Medien) process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in the efficient and secure provision of this online content in accordance with Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).
 
The data will be erased as soon as it is no longer required to achieve the purpose of its collection. Concerning the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest.

II. Use of Cookies

1.    Description and scope of the data processing

Description and scope of the data processing
Our websites use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. This enables a cookie to be stored on a user's computer when the user visits a website. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again in future.
 
You can deactivate cookies in your browser. Should you do so, however, it may be the case that the functionality of our website is no longer available to you in its entirety.
 
We use cookies in order to optimise the content and use of our websites for visitors to our websites and as such make visiting the websites and the respective sub-pages more convenient. The use of cookies serves to make the log-in procedure easier and also to determine the frequency of use and the number of users of our website and to provide you with individual user functions.
The user data collected in this way is pseudonymised via technical precautions. It is therefore no longer possible to assign the data to the user accessing the page. This data is not stored together with other personal data of the users.

2.    Legal basis for the data processing

The legal basis for processing personal data involving the use of cookies is Art. 6 (1) lit. f GDPR.

3.    Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our websites cannot be provided without the use of cookies. For these it is necessary for the browser to be recognised again also after a page change.
 
The user data collected by technically necessary cookies is not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies tell us how the website is used and thereby enable us to continually optimise our content.
 
These purposes also include our legitimate interest in processing personal data in accordance with Art. 6 (1) lit. f GDPR.

4.     Duration of storage, option of objection and disposal

Cookies are stored on the computer of the user and transmitted to our site by the latter. As a user you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Previously saved cookies can be deleted at any time. This can also be done using an automatic function. If cookies are deactivated for our websites, it is possible that not all functions of the websites can still be used to their full extent.

III. Newsletter

1.    Description and scope of the data processing

Our website https://www.zif-berlin.org/en gives you the option of subscribing to free newsletters. The data from the input mask, name and e-mail address are transmitted to us when users register for the newsletter. The data will be used by us exclusively for the dispatch of the newsletter.

In addition, the following data is collected during registration:

·       IP address of the accessing computer

·       Date and time of registration

The newsletter is sent via the e-mail marketing service provider CleverReach® GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. The privacy policy of the service provider is available here: https://www.cleverreach.com/de/datenschutz/
The service provider is employed on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f GDPR and an order processing agreement pursuant to Art. 28 (3) sentence 1 GDPR.
The service provider may use the pseudonymised data of the recipients to improve its own services (e.g. for the technical optimisation of sending and presentation of the newsletter) or for statistical purposes. Furthermore, the service provider is prohibited from using the data of newsletter recipients for its own purposes, such as for mailings, and prohibited from passing that data on to third parties.

2.    Legal basis for the data processing

The legal basis for processing data following registration for the newsletter by the user is, after the user has given their consent, Art. 6 (1) lit. a GDPR.

3.    Purpose of the data processing

The collection of the user's e-mail address serves the purpose of posting the newsletter.
 
The collection of other personal data within the scope of the registration process serves to prevent misuse of the services or the e-mail address used.

4.    Duration of storage

Data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will accordingly be stored for as long as the newsletter subscription remains active. Contractual and legal regulations – especially retention periods – remain unaffected. This applies in particular to users of the ZIF members’ area.
Other personal data collected within the scope of the registration process will normally be erased after a period of seven days.

5.    Option of objection and disposal

The subscription to the newsletter may be cancelled at any time by the user concerned via the registration page. This also entails the revocation of consent to the storage of personal data collected during the registration process.
In the members’ area, under "personal settings", users can reject or consent to receiving individual or all newsletters.

IV. Contact Form

1.    Description and scope of data processing

On our websites www.zif-berlin.org and https://tech-blog.zif-berlin.org, we offer you the option of submitting inquiries to us using a contact form. When an inquiry is made, we register and store the data from the input mask, as well as name and e-mail address. We require this information in order to be able to process your inquiry quickly and so that we can contact you.
This personal data will not be shared with third parties. The data will be used solely for purposes of answering your inquiry.

2.    Legal basis for the data processing

The legal basis for data processing is our legitimate interest in answering your inquiry to the ZIF, pursuant to Art. 6 (1) lit. f GDPR

3.    Purpose of the data processing

The purpose of the collection of the contact data is to answer your inquiry.
 
The collection of other personal data in the context of the contact form serves to prevent misuse of the services or of the email address used.

4.    Duration of storage, option of objection and disposal

The data you enter in the contact form is retained by us until you request it to be deleted, revoke your consent or if the purpose of the data storage ceases to apply, for example after the processing of your request is complete. Mandatory statutory provisions – in particular retention periods – remain unaffected.
 
Other personal data collected within the framework of the registration procedure will as a rule be deleted after a period of seven days.
You have the option of objecting to the data processing and requesting the deletion of your data.

V. Google Maps

On our website www.zif-berlin.org, we use Open Street Maps (OSM) to show interactive maps and to generate directions for getting to specific locations. The service provider is the Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

The following data will be transmitted to OSM servers: those of our website pages that you visited and the IP address of the accessing computer. For this purpose, OpenStreetMap may store cookies on your browser. We have no influence on and can take no responsibility for the processing and use of this data by Google.

The legal basis for processing your data by OSM is Art. 6 (1) lit.f GDPR (legitimate interest in processing data). This legitimate interest is based on our need to depict our online content and facilitate the finding of locations indicated on our homepage. The service enables us to present an attractive website, on which maps are downloaded from an external server.

More information on how data are handled can be found in OSM’s data protection policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy

VI. Google Fonts

On our websites www.zif-berlin.org and https://tech-blog.zif-berlin.org, we use external fonts from Google fonts. The responsible provider for Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company Google LLC is located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The legal basis for the use of Google Fonts is our legitimate interest in the improvement and optimisation of our websites through enhanced load times, lower administrative effort, uniform display across different types of devices and increased public visibility in accordance with Art. 6 (1) lit f. GDPR.

The use of Google Fonts takes place through a server call, usually a Google server in the United States. In this way, information on which pages of our website you have visited and your IP address may be transmitted to the server.
We have no influence on and can take no responsibility for the processing and use of data by Google.

Googles data protection policy can be found here: https://policies.google.com/privacy?hl=de or https://fonts.google.com/

VII. Web Analysis by Matomo (formerly PIWIK)

1.   Scope of the processing of personal data

On our websites we use the open-source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. The software places a cookie on the user's computer (for “cookies” see above). When individual pages of our websites are accessed, the following data is stored:
(1)   The last three digits of the IP address of the user's accessing system are anonymised so that no personal data is stored here
(2)   The website accessed
(3)   The website from which the user accessed the relevant webpage (“referrer”)
(4)   The sub-pages accessed from the relevant web page
(5)   The time spent on the website
(6)   How frequently the webpage is accessed
The software runs exclusively on the servers of our website. Any storage of the personal data of users takes place only there. The data will not be passed on to third parties.

2.    Legal basis for the processing of personal data

The legal basis for processing users’ personal data is consent (Art. 6 (1) lit. a GDPR) and legitimate interest (Art. 6 (1) lit f. GDPR).

3.    Purpose of the data processing

The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data collected, we are able to compile information on the usage of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also include our legitimate interest in the processing of data in accordance with Art. 6 (1) lit. f GDPR. Anonymising the IP address ensures that the interest of users in the protection of their personal data is sufficiently taken into account. 

4.    Duration of storage

The data will be erased as soon as it is no longer needed for our evaluation purposes. In our case this takes place after 90 days.

5.    Option of objection and disposal

Cookies are stored on the computer of the user and transmitted to our site by the latter. As a user you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Previously saved cookies can be deleted at any time. This can also be done using an automatic function. If cookies are deactivated for our websites, it is possible that not all functions of the websites can still be used to their full extent.

For further information on the privacy settings of Matomo Software please go to: https://matomo.org/docs/privacy/.

VIII. Changes to Our Data Protection Provisions

This privacy statement and the privacy notice will be revised when changes are made to this website or as other circumstances arise that require this. The current version can always be found on this website.

Data Protection for Events

1.    Description and scope of the data processing

The preparation and realisation of events with invited guests as well as events requiring registration involves the collection of the personal data of participants. The data provided is stored electronically by the
Berlin Center for International Peace Operations (ZIF) for the organisation of the event. Your data will not be unlawfully forwarded to third parties.
 
The Center for International Peace Operations (ZIF) may make audio and video recordings in the course of the event. The image material serves documentation purposes and for the information activities and public relations work of the ZIF, e.g. for the publication of selected photos on the websites or in information material.

2.     Legal basis for the data processing

The legal basis for the processing of personal data following registration for the event by the user is, where they have given their consent, Art. 6 (1) lit. a GDPR. The legal basis for the processing of personal data in the form of image recordings of the users is Art. 6 (1) lit. f GDPR.

3.    Purpose of the data processing

The collection of participant data serves to prepare the event and is – depending on the event – necessary for the fulfilment of security requirements of the event. Accordingly, the processing of personal data is a prerequisite for the performance of the contract in accordance with Art. 6 (1) lit. a GDPR.
 
In the case of an online registration for events with ZIF photographers, the personal data (name, event, date of registration for the event) will be stored as proof of knowledge of the prior references to image recordings. These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 (1) lit. f GDPR.

4.    Duration of storage

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Furthermore, the data may be stored if the European or national legislator has provided for this in regulations, laws or other stipulations laid down by European Union legislation that the data controller is subject to. The data shall also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further retention of the data for the purposes of concluding or performing a contract.

5.    Option of objection

You can withdraw your consent at any time to the Center for International Peace Operations (ZIF). Please note that due to security requirements, participation in an event can then no longer be guaranteed.
 
Should you have any questions regarding image recordings, please contact our data protection officer.

Data Protection for Applications and in the Application Process

Applications sent to us electronically or by post will be processed electronically or manually for the purpose of implementing the application process.
 
The application process requires that applicants provide us with their applicant data. The necessary applicant data is derived from the job descriptions, and generally includes personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. Applicants may also voluntarily provide us with additional information.
By submitting an application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy statement.
 
If special categories of personal data as understood by Art. 9 (1) GDPR are voluntarily provided as part of the application process, they will also be processed in accordance with Art. 9 (2) lit. b GDPR (e.g. health-related data, such as severe disability status or ethnic origin). Insofar as special categories of personal data as understood by Art. 9 (1) GDPR are requested from applicants as part of the application procedure, their processing will also be carried out pursuant to Art. 9 (2) lit. a GDPR (e.g. health-related data where required for the exercise of a profession).
 
The legal basis for the processing is Art. 6 (1) S.1 lit. b) GDPR and Art. 26 of German Privacy Law (BDSG) as amended. If an employment relationship is entered into with the applicant after conclusion of the application process, the applicant data will be stored in compliance with the relevant data protection regulations. If you are not offered a position after conclusion of the application process, your submitted letter of application including documents will be deleted six months after dispatch of the rejection in order to be able to satisfy any claims and obligations to provide evidence according to the German General Equal Treatment Act (AGG).

Social Media

The ZIF is present on various social media platforms in order to provide information on the work of the ZIF, and for the purposes of facilitating an exchange with interested parties and members.
 
The legal basis for the use of social media is our legitimate interest in increasing our recognition through social media and the possibility of interaction with you and users among each other via social media in accordance with Art. 6 (1) sentence 1 lit. f GDPR.
 
We have no influence on the data collected and the data processing procedures. Nor do we have any knowledge of the scope of the data collection, the purpose of the processing and the storage periods. We likewise have no information on the erasure of the collected data by the plug-in provider.
 
With regard to the purpose and scope of data collection and processing, we refer to the respective privacy policies of the social media providers. You will additionally find information there on your rights and settings options concerning the protection of your personal data.

LinkedIn

Social network, service provoder: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Website: https://www.linkedin.com: data protection policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Twitter

Social network; service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Data protection policy: https://twitter.com/de/privacy, (Settings) https://twitter.com/personalization

YouTube

Social network; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
Data protection policy: https://policies.google.com/privacy; Opt-out: https://adssettings.google.com/authenticated

Changes to Our Data Protection Provisions

This privacy statement and the privacy notice will be revised when changes are made to this website or as other circumstances arise that require this. The current version can always be found on this website.